Policy Brief: Good Governance and Rule of Law Principles for Data-Driven Technologies in Public Health Emergencies

This report forms part of the project The Role of Good Governance and the Rule of Law in Building Public Trust in Data-Driven Responses to Public Health Emergencies, a COVID-19 Rapid Response research project funded by the Arts and Humanities Research Council on behalf of UK Research and Innovation (grant AH/V015214/1).

As the Covid-19 pandemic swept the world in 2020 and 2021, governments turned to data-driven technologies to help save lives and, ultimately, to pave a way out of lockdown and back to normality. Statistical data informed decisions on when and where to impose a lockdown, when to lift one, what safety measures to impose, and when to lift them, who to prioritise for vaccination, and many other types of future planning. 

Much of the debate in the first part of the pandemic swirled around the hoped-for "silver bullet" of the contact tracing app. After some first failed attempts, most European countries deployed technologies that were more rights-protective, driven not just by public concern but by the need to cooperate with the infrastructure policies of large technology companies such as Google and Apple. These "contact tracing app" wars are of lasting significance but have been well documented already and are traced in summary in our Rapid Response Evidence Review (WP3-D1 pages 5-11). Here we have tried to break new(er) ground and provide useful advice to policymakers on how a wider range of data driven technologies have challenged principles drawn from human rights, rule of law and good governance literature .

This policy document discusses four data-driven Covid-19 technologies deployed in the UK which we have studied in detail:

• contact tracing apps (part of WP3-D1)

• "vaccine passports" (WP3-D1 and WP3-D2A)

• vaccine allocation algorithms (QCovid), (WP3-D1 and in discussions with citizens juries run by the Ada Lovelace Institute)

• venue check-in apps (WP3-D2B)

We also analysed separately in WP3-D2C, the judiciary's attitude to scrutinising the actions of the executive during the pandemic - as there have been no decided cases directly on data-driven COVID technologies, we drew on cases involving data, and COVID-related cases not related to technology.

The success and effectiveness of these technologies rests on public trust and widespread participation. The more people use them or respect their decisions, the more successfully they can achieve their aims. Public trust is underpinned by respect for good governance and the rule of law on the part of the government implementing these technologies. Drawing on research carried out in other parts of this work package, and on insights from the Ada Lovelace citizens juries, the four technologies are thus examined in light of good governance and rule of law principles: transparency, non-discrimination, privacy, and democratic accountability and scrutiny.

We became aware while working through these papers that governance by app - "code as law" - is a relatively unaddressed problem in terms of rule of law and human rights scrutiny in the UK. This issue has come to the fore in COVID-19, where apps such as vaccine passports have the potential to substantially affect rights and freedoms yet are subject to little or no public or legislative scrutiny in their development phases.

This policy brief concludes with a series of recommendations aimed at government policy makers with respect to the development and deployment of data-driven technologies during public health emergencies. These are not intended to be specific to the Covid-19 pandemic, but rather take forward lessons learned from the experience in the UK with the four technologies discussed in this paper.